U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
There are 1,892 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2023-29534

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.

Published: June 19, 2023; 7:15:09 AM -0400
V3.1: 9.1 CRITICAL
V2.0:(not available)
CVE-2023-25747

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.

Published: June 19, 2023; 7:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-25736

An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.

Published: June 19, 2023; 7:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-25733

The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.

Published: June 19, 2023; 7:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2019-25136

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.

Published: June 19, 2023; 7:15:09 AM -0400
V3.1: 10.0 CRITICAL
V2.0:(not available)
CVE-2023-32216

Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-32214

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-32210

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-32209

A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-32208

Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-29532

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-29531

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.

Published: June 19, 2023; 6:15:09 AM -0400
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-32215

Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-32213

When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-32212

An attacker could have positioned a <code>datalist</code> element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-32211

A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-32207

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-32206

An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-32205

In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-29551

Memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

Published: June 02, 2023; 1:15:13 PM -0400
V3.1: 8.8 HIGH
V2.0:(not available)